Outlook Anywhere, OWA, ActiveSync, Authentication & UAG

  • Question

  • Hi,

    We are going to be publishing the following via UAG:

    • Outlook anywhere
    • OWA
    • ActiveSync
    • And a UAG Portal with a few applications (RDP, SharePoint, File Server access)

    Users inside the company currently use Outlook and NTLM authentication, and we'd like to keep it that way while they are roaming. I see that is possible on http://www.microsoft.com/download/en/confirmation.aspx?id=22723

    People should also be able to connect to OWA and ActiveSync outside of using the UAG Portal - this uses Basic authentication?

    Additionally when in the UAG Portal, they should see the OWA icon too. In addition to the RDP icon (RD Gateway will be used on UAG); and File Server access icon.

    So, would this be something we could do:

    • OWA, ActiveSync => owa.domain.com => Public IP1 => Web Listener with HTML Forms
    • Outlook Anywhere => mail.domain.com; autodiscover.domain.com => Public IP2 => Web Listener with HTTP Auth (Integrated) ...this would mean that people could continue to use Outlook with NTLM while roaming?

    Also, would we need another Public IP address for Portal.domain.com; which would load the UAG Portal, or could we use Public IP2 for this?

    Thank you,

    SK


    • Edited by D Wind Friday, November 11, 2011 4:53 AM
    Friday, November 11, 2011 4:51 AM

Answers

  • You can do them all on one trunk and therefore one public IP. The portal URL will do a form-based login and drop you on the portal menu (by default). The OWA URL will do a form-based login and drop you straight into OWA. The ActiveSync URL will do a basic auth at UAG and work. The Anywhere URL can work one of two ways. Either UAG can do basic auth to the client and SSO to Exchange using basic, or, if you want your Exchange OA set as NTLM and no login required on the client beyond the Windows login, then you can set OA to NTLM and set UAG to KCD.

    Hope this helps,  Mark

    • Proposed as answer by Mark Resnik Monday, November 14, 2011 10:06 PM
    • Marked as answer by D Wind Tuesday, November 15, 2011 9:56 AM
    Friday, November 11, 2011 3:32 PM
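
Added example, not part of the thread: the "set UAG to KCD" option depends on the UAG server's computer account being allowed to delegate to the Exchange CAS with protocol transition, and this sketch audits those Active Directory delegation attributes. The names UAG01, cas01.domain.com and fs01.domain.com, the function name, and the sample object are constructed placeholders; the target SPN http/<CAS FQDN> is an assumption about how the Outlook Anywhere back end is registered.

```powershell
# Added example: evaluates the delegation attributes of a publishing server's
# computer account. Input is any object shaped like Get-ADComputer output.
function Test-KcdDelegation {
    param(
        [Parameter(Mandatory)] $Computer,
        [Parameter(Mandatory)] [string] $TargetSpn   # assumed SPN of the Exchange CAS
    )
    $findings = @()
    # Normalise the attribute to an array and drop empty entries
    $allowed = @($Computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    if ($Computer.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled; restrict to specific services.'
    }
    if (-not $Computer.TrustedToAuthForDelegation) {
        # UAG receives forms, Basic or NTLM credentials, not a Kerberos ticket,
        # so it needs "Use any authentication protocol" (protocol transition).
        $findings += 'Protocol transition is off; KCD from non-Kerberos logons will fail.'
    }
    if ($allowed -notcontains $TargetSpn) {
        $findings += "Target SPN '$TargetSpn' is not in msDS-AllowedToDelegateTo."
    }
    # Least privilege: list every other service this account can impersonate users to
    $extra = @($allowed | Where-Object { $_ -ne $TargetSpn })
    if ($extra.Count -gt 0) {
        $findings += "Review additional delegation targets: $($extra -join ', ')"
    }
    [pscustomobject]@{
        Name     = $Computer.Name
        Ok       = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed sample input (placeholder names, not taken from the thread)
$sample = [pscustomobject]@{
    Name                       = 'UAG01'
    TrustedForDelegation       = $false
    TrustedToAuthForDelegation = $false
    'msDS-AllowedToDelegateTo' = @('http/cas01.domain.com', 'cifs/fs01.domain.com')
}
Test-KcdDelegation -Computer $sample -TargetSpn 'http/cas01.domain.com' | Format-List

# Against a live domain (requires the ActiveDirectory module):
# $c = Get-ADComputer UAG01 -Properties TrustedForDelegation,
#          TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
# Test-KcdDelegation -Computer $c -TargetSpn 'http/cas01.domain.com'
```

With the sample object the function reports two findings: protocol transition is off, and cifs/fs01.domain.com is an extra delegation target to review.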

All replies

  • Thanks Mark,

    So essentially Outlook clients can be configured with NTLM, and they will be able to use this both on the intranet and while roaming and connecting via UAG?

    So I can now have both basic and NTLM authentication on 1 public IP?

    I always thought TMG worked like ISA, and that I'd need 2 IPs (and 2 listeners) to be able to handle basic auth (OWA & ActiveSync) on the first IP & listener; and NTLM (Outlook Anywhere) on the second IP and second listener?

    So UAG running on top of TMG changes this limitation?

     

    Regards

    SK

    Sunday, November 13, 2011 11:19 PM
  • TMG has nothing to do with it. We are talking about UAG publishing. TMG is simply there as a firewall and we aren't using it for any publishing.

    And note I said for OWA UAG will do a form-based login. Only ActiveSync and Anywhere are handled specially.

    Monday, November 14, 2011 10:06 PM